Home » News » Information Commissioner issues first Data Protection Act Fines
 

Main Menu

Solutions and Services

Case Studies

Accreditations

  • JoomlaWorks Simple Image Rotator
  • JoomlaWorks Simple Image Rotator
  • JoomlaWorks Simple Image Rotator
  • JoomlaWorks Simple Image Rotator
  • JoomlaWorks Simple Image Rotator
  • JoomlaWorks Simple Image Rotator
  • JoomlaWorks Simple Image Rotator
  • JoomlaWorks Simple Image Rotator
  • JoomlaWorks Simple Image Rotator
Information Commissioner issues first Data Protection Act Fines Print E-mail

The Information Commissioner Christopher Graham has issued the first two fines for breaching the Data Protection Act, following changes to the Act in April.  A County Council is to be fined £100,000 for sending a fax containing detail of a child sex abuse case to a member of the public.  And a private company will be fined £60,000 after issuing an unencrypted laptop containing personal data to an employee to work at home.

 

"These first monetary penalties send a strong message to all organisations handling personal information - get it wrong and you do substantial harm to individuals and the reputation of your business. You could also be fined up to half a million pounds." said Mr Graham.

Hertfordshire County Council was fined after incidents where two faxes containing highly sensitive personal information involving a child sex abuse case and care proceedings were sent to the wrong recipients.  The first fax was intended for a barristers' chambers but was instead sent to a member of the public.  The second misdirected fax was supposed to go to Watford County Court but ended up going to a barristerc chambers unconnected with the case.  The level of the £100,000 fine was deemed appropriate by the ICO given the council did not take sufficient steps to improve it's processes following the first breach.

In the second case, Sheffield-based A4e has been fined £60,000 for losing an unencrypted laptop with the personal details fo 24,000 people who had used community legal advice centres.  The laptop was given to an employee to work from home, but was subsequently stolen from the employees house.  The ICO ruled that A4e did not take reasonable steps to prevent the data loss, despite knowing the amount and sensitivity of the data.

"These two fines demonstrate that the Information Commissioner is going to come down hard on organisations that fail in their duty of care to the data they hold" said Jon Stanton, Director of PEM IT Services.  "Every organisation needs to look at the information they have and ensure that it is properly protected, particularly when transmitted or taken out of the office environment."